skill-maintainer
Fail
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: HIGH (PROMPT_INJECTION)
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill demonstrates a significant attack surface for Indirect Prompt Injection by design. It ingests untrusted external content and uses it to modify instructions (skills) used by the AI agent.
  - Ingestion points: Steps 1 and 2 process user-uploaded markdown and text files described as 'Apple documentation'.
  - Boundary markers: Absent. The skill does not use delimiters or instructions to prevent the agent from obeying instructions embedded within the document content.
  - Capability inventory: Step 4 (Update Target Skills) and Step 5 (Handle New Skills) perform file write and creation operations on the local file system.
  - Sanitization: Absent. There is no logic to verify the authenticity of the documentation or to filter out malicious 'patterns' or 'constraints'. An attacker could provide a document that includes a 'Critical Constraint' instructing the agent to exfiltrate code or bypass safety checks, which this skill would then permanently install into the user's skill library.
Recommendations
- AI detected serious security threats